Cisco Blogs


Cisco Blog > Security

Minimize Threats from Non-Corporate Mobile Apps

November 14, 2014 at 7:18 am PST

Our customers are continuing to feel the pain of having to increasingly support off-premise mobile devices like smartphones and tablets. The critical need to rapidly onboard these devices to connect to corporate services and applications pretty clearly provides business with a  competitive advantage (Cisco Enterprise Mobility Landscape Wave II Study – April 2014) in improving workforce efficiency.

Consider the sales person who needs to check a customer order from his corporate- sanctioned tablet in the customer’s lobby.  Look at the contractor with their personal smartphone who needs to access project emails from home.

What is the big problem? The rush to provide access to these off-premise devices means we have reduced or even discarded needed security controls when it comes to remote connectivity for mobile devices. Offering access from any device, any location, anytime, opens the door to potential security threats.  The mobile endpoint is a threat vector with 68% of organizations saying their mobile devices were targeted by malware in the last 12 months (Ponemon Research.)

What if I secure these devices using VPN technology in the same way as laptops? While, ”Turning On” VPN on any endpoint means that all traffic and applications (personal and enterprise) are all transmitted over the same VPN channel to access corporate networks.  This co-mingling of corporate and user apps allows the possibility of un-compromised user applications polluting corporate infrastructure and increases the risk of threats to the network.

So now what? I don’t want to enable VPN every single time I try to look up a document or use salesforce.com or access email. That increases the complexity for the user and gives them a reason to either find a way around the process or nullifies the efficiency business want to promote with their mobile workforce.

The answer lies with the introduction of Cisco AnyConnect 4.0 offering  customers the ability to deliver per-application secure access for only approved corporate applications in way that is seamless to the user.  By just clicking on the registered corporate application I want to use, I can automagically create a secure connection for JUST that application each time. This means I don’t mix access to corporate resources between authorized applications and potentially infected user applications. It even reduces bandwidth and IT resource usage since user applications do not get tunneled back to corporate and has to go through user networks (mobile or WiFi).

PerAPP

Enterprises want to empower their mobile users to work from anywhere while IT wants a simple way to control and secure enterprise access consistently across any device whether on or off-premise.   AnyConnect continues to evolve to provide integrated and flexible security and access control for any remote and/or mobile endpoints.

AC

 

 

 

 

To learn more how to better secure your remote endpoints, check out Cisco AnyConnect

Tags: , , , ,

#NCSAM: Cisco’s Cyber Security Story

As National Cyber Security Awareness Month (NCSAM) arrives, now is a good time to look at the rapid expansion of information growth. We believe that cyber security centers around an important question that all who serve, protect and educate should consider – if you knew you were going to be compromised, would you prepare security differently?

It’s no longer a matter of “if” an outside party will infiltrate a system, but “when.” We read about new threats in the news every day, and it’s important to consider innovation when it comes to protecting our most precious assets and information.

We look at preparedness from three angles: what it takes to manage security before an attack, how to react during a breach and what to do in the aftermath. Security professionals need to evolve their strategy from a point-in-time approach to a continuous model that addresses the full continuum.

The Cisco approach is visibility-driven, threat-focused and platform-based. By performing live policy and attack demonstrations, organizations can help to ensure that they are prepared for what may come across multiple platforms. Read More »

Tags: , , , ,

Mobile Cloud Security: What CXOs Need to Know

As organizations seek ways to maintain real-time connections with their workforce and customers in an increasingly digital and mobile-centered world, the growth of mobile cloud will be a major force in shaping the business landscape and future tech decisions. The first blog post in this series, by Padmasree Warrior, explores how the convergence of mobility and cloud will deliver unprecedented transformation for all organizations. The second blog post in this series, by Sujai Hajela, answers the question of what mobile cloud really is and how it continues to provide new business opportunities. In the third post, Joe Cozzolino looks at what mobile cloud means for service providers and enterprises. And finally, this post will discuss the need for end-to-end security in a mobile cloud environment.

Mobile cloud services are growing exponentially in both number and scope. According to a report from Smith’s Point Analytics released late last year, mobile cloud services platforms are projected to grow over the next four years from US$579 million to a staggering US$4.4 billion in 2017.

Read More »

Tags: , , , ,

Security Compliance is Necessary for Real-Time Mobile Data Access

August 21, 2014 at 9:00 am PST

As a business or technical leader, you know you need to protect your company in a rapidly evolving mobile ecosystem. However, threats are not always obvious. As malware and attacks become more sophisticated over time, business decision makers must work with technical decision makers to navigate security threats in a mobile world.

This blog series, authored by Kathy Trahan, explores the topic of enterprise mobility security from a situational level and provides insight into what leaders can do now to mitigate risk. To read the first post focused on securing device freedom, click here. The second post, available here, focused on the risks that come with mobile connections. Kathy’s third post explored how to secure mobile data. – Bret Hartman, Chief Technology Officer (CTO) for Cisco’s Security Technology Group

In today’s mobile and cloud-centric landscape, the ability for employees to access data, account information, real-time statistics, and other pertinent information on their personal devices is what it takes to remain competitive in the business marketplace.

And while the rush has been on to empower employees to be able to connect from anywhere, security concerns are topping the “must address” list of enterprises everywhere.

One key concern is the increasing use of mobile devices to access relevant business information. In fact, according to the Cisco Connected World International Mobile Security survey, 63% of users downloaded sensitive data on such devices.

So, in a scenario where a team of sales representatives are updating account profiles by accessing data on their personal devices, IT and business leaders must ask: How secure is the network the team is using to access sensitive company information? Is it possible malware on their mobile devices can gain entry from a public or private cloud to compromise or steal data? Should mobile security policies prohibit certain employees from downloading certain information when they are off-site?

These questions must be answered. Especially since over the next four years, there will be nearly 21 billion networked devices and connections globally. Business Decision Makers (BDMs) and Technical Decision Makers (TDMs), must team up and determine the best mobile security policies that balance productivity and security of sensitive data, notably understanding security threats and establishing access requirements.
Read More »

Tags: , , , , , , , , ,

The Risk of Remote Connection: What’s Your Plan?

July 17, 2014 at 6:00 am PST

As a business or technical leader, you know you need to protect your company in a rapidly evolving mobile ecosystem. However, threats are not always obvious. As malware and attacks become more sophisticated over time, business decision makers must work with technical decision makers to navigate security threats in a mobile world.

This blog series, authored by Kathy Trahan, will explore the topic of enterprise mobility security from a situational level and provide insight into what leaders can do now to mitigate risk. To read the first post focused on securing device freedom, click here. – Bret Hartman, Chief Technology Officer (CTO) for Cisco’s Security Technology Group

Imagine two of your executives are using a SaaS platform while working off an unsecure hotel Wi-Fi network nearby. Did you know that SaaS and B2B applications are 15 times more likely than pornography to deliver malicious content across a network?

The threats against a remote connection are unfortunately very real and using an unprotected network to access company assets (whether on-premise or in the cloud) can have serious consequences.

As the growth of mobility and cloud blur the lines of our personal and business lives, the “mobile cloud” has drawn users (consumer or employee) to its convenience. According to a recent Gallup poll, nearly 80% of workers had positive feelings for using their own computers and mobile devices to stay connected to work outside of normal business hours.

For IT, the mobile cloud offers huge management efficiencies. Recent Cisco mobility research confirms that mobility strategies are converging with cloud strategies. However, it also forces IT and business leaders to find a happy medium between encouraging corporate productivity and addressing a new wave of security concerns. From the same research, nearly half of the organizational leaders surveyed say security risks can prevent them from moving forward with mobility initiatives.

Despite these risks, It is hard to dispute that off premise access provides significant productivity gains especially as organizations see mobility as a competitive edge to embrace.

As more mobile users enter the market, (over half a billion devices were added just last year) and the number of remote workers becomes more ubiquitous, the expectation is that networks and access should be the same, regardless of location.

Read More »

Tags: , , , ,